Loading
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.
Use CWE-22, Nginxui vendor hub and Nginx Ui product page to widen CVE-2024-23827 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-33032, CVE-2026-27944 and CVE-2026-33026 for nearby disclosures in the same product family.